US-9565189

Method and system for providing access to administrative functionality a virtualization environment

Published: February 7, 2017
Assignee: not available in USPTO data we have
Inventors: not available in USPTO data we have

Technical Abstract

Described is an architecture for providing access to administrative functionality in a virtualization system using implied authentication. This approach avoids the problems associated with the requirements to use a user ID and password to access an admin console. The user ID and password can be rendered completely unnecessary, or the user ID and password combination can be used only as a supplement to the implied authentication.

Patent Claims
37 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. A computer-implemented method for providing access to administrative functionality in a virtualization environment, comprising: identifying an administrative functionality to access; communicating from a virtual machine over a secure communications channel to access the administrative functionality; wherein implied authentication corresponding to communications mechanisms in an underlying virtualization infrastructure is used to authenticate access to the administrative functionality from the virtual machine; wherein the secure communications channel comprises a virtual NIC at the virtual machine that communicates to the administrative functionality via a virtual switch; and wherein the implied authentication is implemented by permitting only a correct MAC address to communicate over the secure communications channel.

2. The computer-implemented method of claim 1, wherein the virtual switch is dedicated to the correct MAC address.

3. The computer-implemented method of claim 1, wherein each virtual NIC corresponds to a dedicated virtual switch.

4. The computer-implemented method of claim 1, wherein multiple virtual NICs correspond to a shared virtual switch.

5. The computer-implemented method of claim 1, wherein the secure communications channel comprises a virtual disk having one or more buffers to communicate between the virtual machine and the administrative functionality.

6. The computer-implemented method of claim 5, wherein the implied authentication is implemented by permitting only an authorized entity to access the virtual disk.

7. The computer-implemented method of claim 1, wherein the virtual machine communicates to a controller virtual machine to access the administrative functionality.

8. The computer-implemented method of claim 1, wherein one or more tags are used to permit access to multiple objects that share a common tag.

9. The computer-implemented method of claim 1, wherein the implied authentication is used in conjunction with key data or a combination of a username and password to authenticate access to the administrative functionality from the virtual machine.

10. A system for providing access to administrative functionality in a virtualization environment, comprising: a computer processor to execute a set of program instructions; a memory to hold the program code instructions, in which the program code instructions comprises program code to perform: identifying an administrative functionality to access; communicating from a virtual machine over a secure communications channel to access the administrative functionality; wherein implied authentication corresponding to communications mechanisms in an underlying virtualization infrastructure is used to authenticate access to the administrative functionality from the virtual machine; wherein the secure communications channel comprises a virtual NIC at the virtual machine that communicates to the administrative functionality via a virtual switch; and wherein the implied authentication is implemented by permitting only a correct MAC address to communicate over the secure communications channel.

11. The system of claim 10, wherein the virtual switch is dedicated to the correct MAC address.

12. The system of claim 10, wherein each virtual NIC corresponds to a dedicated virtual switch.

13. The system of claim 10, wherein multiple virtual NICs correspond to a shared virtual switch.

14. The system of claim 10, wherein the secure communications channel comprises a virtual disk having one or more buffers to communicate between the virtual machine and the administrative functionality.

15. The system of claim 14, wherein the implied authentication is implemented by permitting only an authorized entity to access the virtual disk.

16. The system of claim 10, wherein the virtual machine communicates to a controller virtual machine to access the administrative functionality.

17. The system of claim 10, wherein one or more tags are used to permit access to multiple objects that share a common tag.

18. The system of claim 10, wherein the implied authentication is used in conjunction with key data or a combination of a username and password to authenticate access to the administrative functionality from the virtual machine.

19. A computer program product embodied in a non-transitory computer readable medium, the computer readable medium having stored thereon a sequence of instructions which, when executed by a processor causes the processor to execute a process for providing access to administrative functionality in a virtualization environment, the process comprising: identifying an administrative functionality to access; communicating from a virtual machine over a secure communications channel to access the administrative functionality; wherein implied authentication corresponding to communications mechanisms in an underlying virtualization infrastructure is used to authenticate access to the administrative functionality from the virtual machine; wherein the secure communications channel comprises a virtual NIC at the virtual machine that communicates to the administrative functionality via a virtual switch; and wherein the implied authentication is implemented by permitting only a correct MAC address to communicate over the secure communications channel.

20. The computer program product of claim 19, wherein the virtual switch is dedicated to the correct MAC address.

21. The computer program product of claim 19, wherein each virtual NIC corresponds to a dedicated virtual switch.

22. The computer program product of claim 19, wherein multiple virtual NICs correspond to a shared virtual switch.

23. The computer program product of claim 19, wherein the secure communications channel comprises a virtual disk having one or more buffers to communicate between the virtual machine and the administrative functionality.

24. The computer program product of claim 23, wherein the implied authentication is implemented by permitting only an authorized entity to access the virtual disk.

25. The computer program product of claim 19, wherein the virtual machine communicates to a controller virtual machine to access the administrative functionality.

26. The computer program product of claim 19, wherein one or more tags are used to permit access to multiple objects that share a common tag.

27. The computer program product of claim 19, wherein the implied authentication is used in conjunction with key data or a combination of a username and password to authenticate access to the administrative functionality from the virtual machine.

28. A computer-implemented method for providing access to administrative functionality in a virtualization environment, comprising: determining encryption key data for a virtual machine; mounting a storage unit at the virtual machine; using the storage unit mounted at the virtual machine to exchange the encryption key data; identifying an administrative functionality to access; generating encrypted messages from the virtual machine using the encryption key data to access the administrative functionality; wherein access to the administrative functionality is granted if the encryption key data is properly used to generate the encrypted messages; communicating from the virtual machine over a secure communications channel to access the administrative functionality; and wherein implied authentication is used to authenticate access to the administrative functionality from the virtual machine.

29. The computer-implemented method of claim 28, wherein the encryption key data comprises a private key generated for the virtual machine.

30. The computer-implemented method of claim 28, wherein the secure communications channel comprises a virtual NIC at the virtual machine that communicates to the administrative functionality via a virtual switch.

31. The computer-implemented method of claim 30, wherein the implied authentication is implemented by permitting only a correct MAC address to communicate over the secure communications channel.

32. The computer-implemented method of claim 31, wherein the virtual switch is dedicated to the correct MAC address.

33. The computer-implemented method of claim 30, wherein each virtual NIC corresponds to a dedicated virtual switch.

34. The computer-implemented method of claim 30, wherein multiple virtual NICs correspond to a shared virtual switch.

35. The computer-implemented method of claim 28, wherein the secure communications channel comprises a virtual disk having one or more buffers to communicate between the virtual machine and the administrative functionality.

36. The computer-implemented method of claim 28, wherein the virtual machine communicates to a controller virtual machine to access the administrative functionality.

37. The computer-implemented method of claim 28, wherein one or more tags are used to permit access to multiple objects that share a common tag.

Patent Metadata

Filing Date

December 1, 2014

Publication Date

February 7, 2017

Citation & reuse

Analysis on this page is generated by Patentable — an AI-powered patent intelligence platform. AI-generated summaries, explanations, and analysis may be reused with attribution and a visible link back to the canonical URL below. Patent abstracts and claims are USPTO public domain.

Cite as: Patentable. “Method and system for providing access to administrative functionality a virtualization environment” (US-9565189). https://patentable.app/patents/US-9565189
